Denial of Service Flaw in Oracle MySQL Server Affects Multiple Versions
CVE-2025-21531

4.9MEDIUM

Key Information:

Vendor: Oracle
Status: Mysql Cluster; Mysql Server
Vendor: CVE Published:; 21 January 2025

Summary

A vulnerability exists in the Oracle MySQL Server, specifically within the InnoDB component, allowing an attacker with high privileges and network access to exploit the server. This can lead to severe consequences, such as inducing a hang or recurrent crashes, effectively resulting in a denial-of-service (DoS) scenario. The impact affects specific supported versions, making it crucial for users to assess and apply recommended patches to mitigate potential risks.

Affected Version(s)

MySQL Cluster * <= 7.6.32

MySQL Cluster * <= 8.0.40

MySQL Cluster * <= 8.4.3

References

https://www.oracle.com/security-alerts/cpujan2025.html

vendor-advisory

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Dec 24, 2024